package domain
import (
"context"
"time"
"github.com/zitadel/zitadel/backend/v3/storage/database"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
)
//go:generate enumer -type IDPType -transform lower -trimprefix IDPType

// IDPType is the kind of identity provider an IdentityProvider is configured as.
// The enumer directive above generates the string form: lower-cased with the
// "IDPType" prefix removed (e.g. "oidc", "saml"). IDPTypeUnspecified is the zero value.
// The numeric value comes from iota, so the order below is part of whatever is
// persisted as a number: append new types at the end, never insert in the middle.
type IDPType uint8

const (
	IDPTypeUnspecified IDPType = iota
	IDPTypeOIDC
	IDPTypeJWT
	IDPTypeOAuth
	IDPTypeLDAP
	IDPTypeAzure
	IDPTypeGitHub
	IDPTypeGitHubEnterprise
	IDPTypeGitLab
	IDPTypeGitLabSelfHosted
	IDPTypeGoogle
	IDPTypeApple
	IDPTypeSAML
)
//go:generate enumer -type IDPState -transform lower -trimprefix IDPState

// IDPState is the activation state of an identity provider.
// IDPStateActive is the zero value, so an IDPState that was never assigned reads as
// active; code that builds a provider must set the state deliberately rather than rely
// on the default.
type IDPState uint8

const (
	IDPStateActive IDPState = iota
	IDPStateInactive
)
//go:generate enumer -type IDPAutoLinkingOption -transform lower -trimprefix IDPAutoLinkingOption

// IDPAutoLinkingOption selects which attribute automatic linking compares — none,
// the user name, or the e-mail (inferred from the constant names).
// NOTE(review): matching on the e-mail relies on the e-mail claim supplied by the
// external provider; whether that claim is verified is decided by the provider
// configuration and the linking code, not by this type — confirm at the call site.
type IDPAutoLinkingOption uint8

const (
	IDPAutoLinkingOptionUnspecified IDPAutoLinkingOption = iota
	IDPAutoLinkingOptionUserName
	IDPAutoLinkingOptionEmail
)
// OIDCMappingField names the field an OIDC provider maps onto a local user attribute
// (used by OIDC.IDPDisplayNameMapping and OIDC.UserNameMapping).
// The underlying type is int8, so negative values are representable: a range check
// must test both bounds, 0 <= v && v < oidcMappingFieldCount.
type OIDCMappingField int8

const (
	OIDCMappingFieldUnspecified OIDCMappingField = iota
	OIDCMappingFieldPreferredLoginName
	OIDCMappingFieldEmail
	// oidcMappingFieldCount is one past the last valid value; it exists only for
	// range validation and is not a mapping field itself.
	//nolint: unused
	oidcMappingFieldCount
)
// IdentityProvider is the provider-independent part of an identity provider, mapped
// to database columns by the db tags (presumably the identity_provider table named in
// the IDPIdentifierCondition comment). Type-specific settings are carried by Payload
// and surfaced through the IDP* wrapper types below.
//
// Several fields are typed more loosely than the rest of this file: State, Type and
// AllowAutoLinking are strings here, while idProviderConditions/idProviderChanges use
// IDPState, IDPType and IDPAutoLinkingOption — presumably the enumer string form is
// stored; confirm with the repository implementation.
type IdentityProvider struct {
	InstanceID string `json:"instanceId,omitempty" db:"instance_id"`
	// OrgID is nil when the provider is not bound to an organization — presumably an
	// instance-wide provider; confirm.
	OrgID *string `json:"orgId,omitempty" db:"org_id"`
	ID    string  `json:"id,omitempty" db:"id"`
	State string  `json:"state,omitempty" db:"state"`
	Name  string  `json:"name,omitempty" db:"name"`
	Type  string  `json:"type,omitempty" db:"type"`
	// The bool flags below all carry omitempty, so a false value is dropped from JSON
	// and a consumer cannot tell "false" from "absent".
	AllowCreation     bool `json:"allowCreation,omitempty" db:"allow_creation"`
	AutoRegister      bool `json:"autoRegister,omitempty" db:"auto_register"`
	AllowAutoCreation bool `json:"allowAutoCreation,omitempty" db:"allow_auto_creation"`
	AllowAutoUpdate   bool `json:"allowAutoUpdate,omitempty" db:"allow_auto_update"`
	AllowLinking      bool `json:"allowLinking,omitempty" db:"allow_linking"`
	// AllowAutoLinking is a string here, IDPAutoLinkingOption in
	// idProviderConditions.AllowAutoLinkingCondition and bool in
	// idProviderChanges.SetAutoAllowLinking — see the notes on those interfaces.
	AllowAutoLinking string `json:"allowAutoLinking,omitempty" db:"allow_auto_linking"`
	StylingType      *int16 `json:"stylingType,omitempty" db:"styling_type"`
	// Payload holds the type-specific configuration. The IDP* structs below contain
	// secrets (crypto.CryptoValue); NOTE(review): if they are serialized into this
	// column, confirm only the encrypted form is ever stored and that Payload is never
	// written to logs or returned to clients verbatim.
	Payload *string `json:"payload,omitempty" db:"payload"`
	// time.Time is a struct, so omitempty has no effect on these two fields.
	CreatedAt time.Time `json:"createdAt,omitempty" db:"created_at"`
	UpdatedAt time.Time `json:"updatedAt,omitempty" db:"updated_at"`
}
// OIDC is the type-specific configuration of an OpenID Connect provider.
type OIDC struct {
	ClientID string `json:"clientId,omitempty"`
	// ClientSecret is held by value, unlike the pointer secrets in the other provider
	// structs; encoding/json never omits a struct value, so omitempty has no effect here.
	ClientSecret          crypto.CryptoValue `json:"clientSecret,omitempty"`
	Issuer                string             `json:"issuer,omitempty"`
	AuthorizationEndpoint string             `json:"authorizationEndpoint,omitempty"`
	TokenEndpoint         string             `json:"tokenEndpoint,omitempty"`
	Scopes                []string           `json:"scopes,omitempty"`
	// The JSON key of IDPDisplayNameMapping is capitalized unlike every other tag in
	// this file; presumably it is part of the stored payload format, so it is kept as is.
	IDPDisplayNameMapping OIDCMappingField `json:"IDPDisplayNameMapping,omitempty"`
	UserNameMapping       OIDCMappingField `json:"usernameMapping,omitempty"`
	// IsIDTokenMapping: presumably selects the ID token rather than the userinfo
	// response as the source of the mapped claims — confirm.
	IsIDTokenMapping bool `json:"idTokenMapping,omitempty"`
	// UsePKCE enables PKCE for the authorization code flow (inferred from the name).
	UsePKCE bool `json:"usePKCE,omitempty"`
}
// IDPOIDC is an OIDC provider: the shared IdentityProvider plus its OIDC settings.
// Both are embedded, so their fields are promoted. IdentityProvider is embedded by
// pointer: a zero IDPOIDC has a nil pointer and reading a promoted field panics.
type IDPOIDC struct {
	*IdentityProvider
	OIDC
}
// JWT is the type-specific configuration of a provider that authenticates with a
// pre-issued JSON Web Token.
type JWT struct {
	JWTEndpoint string `json:"jwtEndpoint,omitempty"`
	// Issuer is the expected iss of accepted tokens (inferred from the name).
	Issuer string `json:"issuer,omitempty"`
	// KeysEndpoint: presumably the JWKS URL used to verify token signatures — confirm.
	KeysEndpoint string `json:"keysEndpoint,omitempty"`
	// HeaderName: presumably the HTTP header the token is read from — confirm with the
	// JWT provider implementation.
	HeaderName string `json:"headerName,omitempty"`
}
// IDPJWT is a JWT provider: the shared IdentityProvider plus its JWT settings.
// IdentityProvider is embedded by pointer; a zero IDPJWT has a nil pointer there.
type IDPJWT struct {
	*IdentityProvider
	JWT
}
// OAuth is the type-specific configuration of a generic OAuth 2.0 provider.
type OAuth struct {
	ClientID              string              `json:"clientId,omitempty"`
	ClientSecret          *crypto.CryptoValue `json:"clientSecret,omitempty"`
	AuthorizationEndpoint string              `json:"authorizationEndpoint,omitempty"`
	TokenEndpoint         string              `json:"tokenEndpoint,omitempty"`
	// UserEndpoint: presumably the resource URL queried for the user profile — confirm.
	UserEndpoint string   `json:"userEndpoint,omitempty"`
	Scopes       []string `json:"scopes,omitempty"`
	// IDAttribute: presumably the attribute of the UserEndpoint response used as the
	// stable external user ID — confirm.
	IDAttribute string `json:"idAttribute,omitempty"`
	// UsePKCE enables PKCE for the authorization code flow (inferred from the name).
	UsePKCE bool `json:"usePKCE,omitempty"`
}
// IDPOAuth is a generic OAuth provider: the shared IdentityProvider plus its OAuth
// settings. IdentityProvider is embedded by pointer; a zero IDPOAuth has a nil pointer there.
type IDPOAuth struct {
	*IdentityProvider
	OAuth
}
//go:generate enumer -type AzureTenantType -transform lower -trimprefix AzureTenantType

// AzureTenantType is one of the well-known Azure AD tenant selectors. The enumer
// directive generates the lower-cased string form (common, organizations, consumers).
// AzureTenantTypeCommon is the zero value.
type AzureTenantType uint8

const (
	AzureTenantTypeCommon AzureTenantType = iota
	AzureTenantTypeOrganizations
	AzureTenantTypeConsumers
)
// Azure is the type-specific configuration of an Azure AD provider.
// Its client_id/client_secret JSON keys are snake_case, unlike the camelCase keys of
// the other providers; presumably part of the stored payload format, so kept as is.
type Azure struct {
	ClientID     string              `json:"client_id,omitempty"`
	ClientSecret *crypto.CryptoValue `json:"client_secret,omitempty"`
	Scopes       []string            `json:"scopes,omitempty"`
	// Tenant is stored as a string; see AzureTenantType for the well-known values.
	// Presumably a specific tenant ID is accepted as well — confirm.
	Tenant string `json:"tenant,omitempty"`
	// IsEmailVerified, when true, treats the e-mail reported by Azure as verified
	// (inferred from the name). That is a trust decision about the upstream tenant and
	// matters most when automatic linking on e-mail is enabled — confirm in the linking code.
	IsEmailVerified bool `json:"isEmailVerified,omitempty"`
}
// IDPOAzureAD is an Azure AD provider: the shared IdentityProvider plus its Azure
// settings. The "OAzure" spelling is exported and mirrored by
// IDProviderRepository.GetOAzureAD, so it is kept. IdentityProvider is embedded by
// pointer; a zero IDPOAzureAD has a nil pointer there.
type IDPOAzureAD struct {
	*IdentityProvider
	Azure
}
// Google is the type-specific configuration of a Google provider.
// ClientID and ClientSecret have no omitempty, so they are always serialized
// (ClientSecret as null when nil).
type Google struct {
	ClientID     string              `json:"clientId"`
	ClientSecret *crypto.CryptoValue `json:"clientSecret"`
	Scopes       []string            `json:"scopes,omitempty"`
}
// IDPGoogle is a Google provider: the shared IdentityProvider plus its Google settings.
// IdentityProvider is embedded by pointer; a zero IDPGoogle has a nil pointer there.
type IDPGoogle struct {
	*IdentityProvider
	Google
}
// Github is the type-specific configuration of a github.com provider.
// ClientID and ClientSecret have no omitempty, so they are always serialized
// (ClientSecret as null when nil). The casing differs from IDPTypeGitHub; both are
// exported names and are kept as is.
type Github struct {
	ClientID     string              `json:"clientId"`
	ClientSecret *crypto.CryptoValue `json:"clientSecret"`
	Scopes       []string            `json:"scopes,omitempty"`
}
// IDPGithub is a github.com provider: the shared IdentityProvider plus its Github
// settings. IdentityProvider is embedded by pointer; a zero IDPGithub has a nil pointer there.
type IDPGithub struct {
	*IdentityProvider
	Github
}
// GithubEnterprise is the type-specific configuration of a self-hosted GitHub
// Enterprise provider; unlike Github it carries the endpoint URLs explicitly.
type GithubEnterprise struct {
	ClientID              string              `json:"clientId,omitempty"`
	ClientSecret          *crypto.CryptoValue `json:"clientSecret,omitempty"`
	AuthorizationEndpoint string              `json:"authorizationEndpoint,omitempty"`
	TokenEndpoint         string              `json:"tokenEndpoint,omitempty"`
	UserEndpoint          string              `json:"userEndpoint,omitempty"`
	Scopes                []string            `json:"scopes,omitempty"`
}
// IDPGithubEnterprise is a GitHub Enterprise provider: the shared IdentityProvider
// plus its GithubEnterprise settings. IdentityProvider is embedded by pointer; a zero
// IDPGithubEnterprise has a nil pointer there.
type IDPGithubEnterprise struct {
	*IdentityProvider
	GithubEnterprise
}
// Gitlab is the type-specific configuration of a gitlab.com provider.
type Gitlab struct {
	ClientID     string              `json:"clientId,omitempty"`
	ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
	Scopes       []string            `json:"scopes,omitempty"`
}
// IDPGitlab is a gitlab.com provider: the shared IdentityProvider plus its Gitlab
// settings. IdentityProvider is embedded by pointer; a zero IDPGitlab has a nil pointer there.
type IDPGitlab struct {
	*IdentityProvider
	Gitlab
}
// GitlabSelfHosting is the type-specific configuration of a self-hosted GitLab
// provider; unlike Gitlab it carries the Issuer of the instance. Issuer has no
// omitempty and is always serialized.
type GitlabSelfHosting struct {
	Issuer       string              `json:"issuer"`
	ClientID     string              `json:"clientId,omitempty"`
	ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
	Scopes       []string            `json:"scopes,omitempty"`
}
// IDPGitlabSelfHosting is a self-hosted GitLab provider: the shared IdentityProvider
// plus its GitlabSelfHosting settings. IdentityProvider is embedded by pointer; a zero
// IDPGitlabSelfHosting has a nil pointer there.
type IDPGitlabSelfHosting struct {
	*IdentityProvider
	GitlabSelfHosting
}
// LDAP is the type-specific configuration of an LDAP provider.
// None of its fields carry omitempty, so every field is always serialized — including
// BindPassword (as null when nil) and the embedded LDAPAttributes.
type LDAP struct {
	// Servers lists the directory servers to contact; their address format is not
	// defined here (presumably scheme-qualified URLs — confirm with the LDAP client).
	Servers []string `json:"servers"`
	// StartTLS upgrades a plain connection to TLS. With StartTLS false and a non-TLS
	// server address, the bind credentials and user passwords would cross the network
	// in clear text (inferred; confirm how the client treats the combination).
	StartTLS bool   `json:"startTLS"`
	BaseDN   string `json:"baseDN"`
	BindDN   string `json:"bindDN"`
	// BindPassword is the service-account credential, kept as a crypto.CryptoValue.
	BindPassword      *crypto.CryptoValue `json:"bindPassword"`
	UserBase          string              `json:"userBase"`
	UserObjectClasses []string            `json:"userObjectClasses"`
	// UserFilters are applied by the LDAP client elsewhere. NOTE(review): any
	// user-supplied value combined with them (e.g. a login name) must be filter-escaped
	// at that point; this struct only stores the configured filters.
	UserFilters []string `json:"userFilters"`
	// Timeout is a time.Duration, which encoding/json writes as its int64 nanosecond count.
	Timeout time.Duration `json:"timeout"`
	// RootCA: presumably the CA certificate trusted for the server's TLS certificate — confirm.
	RootCA []byte `json:"rootCA"`

	LDAPAttributes
}
// LDAPAttributes maps local user fields to the names of the directory attributes they
// are read from. An empty string means no attribute is configured for that field
// (inferred from omitempty; confirm how the LDAP client treats it).
type LDAPAttributes struct {
	// IDAttribute is the attribute used as the stable external user ID (inferred from the name).
	IDAttribute                string `json:"idAttribute,omitempty"`
	FirstNameAttribute         string `json:"firstNameAttribute,omitempty"`
	LastNameAttribute          string `json:"lastNameAttribute,omitempty"`
	DisplayNameAttribute       string `json:"displayNameAttribute,omitempty"`
	NickNameAttribute          string `json:"nickNameAttribute,omitempty"`
	PreferredUsernameAttribute string `json:"preferredUsernameAttribute,omitempty"`
	EmailAttribute             string `json:"emailAttribute,omitempty"`
	// EmailVerifiedAttribute / PhoneVerifiedAttribute name directory attributes whose
	// value is presumably taken as the verification status — confirm; this is a trust
	// decision about the directory's data.
	EmailVerifiedAttribute     string `json:"emailVerifiedAttribute,omitempty"`
	PhoneAttribute             string `json:"phoneAttribute,omitempty"`
	PhoneVerifiedAttribute     string `json:"phoneVerifiedAttribute,omitempty"`
	PreferredLanguageAttribute string `json:"preferredLanguageAttribute,omitempty"`
	AvatarURLAttribute         string `json:"avatarURLAttribute,omitempty"`
	ProfileAttribute           string `json:"profileAttribute,omitempty"`
}
// IDPLDAP is an LDAP provider: the shared IdentityProvider plus its LDAP settings.
// IdentityProvider is embedded by pointer; a zero IDPLDAP has a nil pointer there.
type IDPLDAP struct {
	*IdentityProvider
	LDAP
}
// Apple is the type-specific configuration of a Sign in with Apple provider.
// ClientID, TeamID, KeyID and PrivateKey have no omitempty and are always serialized
// (PrivateKey as null when nil).
type Apple struct {
	ClientID string `json:"clientId"`
	TeamID   string `json:"teamId"`
	KeyID    string `json:"keyId"`
	// PrivateKey is the signing key kept as a crypto.CryptoValue; presumably used to
	// mint the client-secret JWT Apple requires — confirm with the provider code.
	PrivateKey *crypto.CryptoValue `json:"privateKey"`
	Scopes     []string            `json:"scopes,omitempty"`
}
// IDPApple is an Apple provider: the shared IdentityProvider plus its Apple settings.
// IdentityProvider is embedded by pointer; a zero IDPApple has a nil pointer there.
type IDPApple struct {
	*IdentityProvider
	Apple
}
// SAML is the type-specific configuration of a SAML provider.
type SAML struct {
	// Metadata: presumably the identity provider's metadata XML — confirm.
	Metadata []byte `json:"metadata,omitempty"`
	// Key and Certificate: presumably the service-provider signing key pair. Only Key
	// is a crypto.CryptoValue; Certificate is public material stored raw — confirm the
	// roles with the SAML implementation.
	Key         *crypto.CryptoValue `json:"key,omitempty"`
	Certificate []byte              `json:"certificate,omitempty"`
	Binding     string              `json:"binding,omitempty"`
	// WithSignedRequest: whether outgoing authentication requests are signed (inferred from the name).
	WithSignedRequest bool                     `json:"withSignedRequest,omitempty"`
	NameIDFormat      *domain.SAMLNameIDFormat `json:"nameIDFormat,omitempty"`
	// TransientMappingAttributeName: presumably the attribute that identifies the user
	// when the NameID format is transient — confirm.
	TransientMappingAttributeName string `json:"transientMappingAttributeName,omitempty"`
	FederatedLogoutEnabled        bool   `json:"federatedLogoutEnabled,omitempty"`
}
// IDPSAML is a SAML provider: the shared IdentityProvider plus its SAML settings.
// IdentityProvider is embedded by pointer; a zero IDPSAML has a nil pointer there.
type IDPSAML struct {
	*IdentityProvider
	SAML
}
// IDPIdentifierCondition marks a condition that identifies a single identity_provider.
// It is either the identity_provider ID or the identity_provider name, because a
// provider is addressed by (instanceID + OrgID + ID) or by (instanceID + OrgID + name).
//
// NOTE(review): the interface only embeds database.Condition, so any condition
// satisfies it at compile time; the restriction to ID or name is by convention and is
// upheld by obtaining the value from idProviderConditions.IDCondition or NameCondition.
type IDPIdentifierCondition interface {
	database.Condition
}
// idProviderColumns exposes one database.Column per IdentityProvider field, in the
// same order as the struct, for building conditions and changes.
type idProviderColumns interface {
	InstanceIDColumn() database.Column
	OrgIDColumn() database.Column
	IDColumn() database.Column
	StateColumn() database.Column
	NameColumn() database.Column
	TypeColumn() database.Column
	AllowCreationColumn() database.Column
	AutoRegisterColumn() database.Column
	AllowAutoCreationColumn() database.Column
	AllowAutoUpdateColumn() database.Column
	AllowLinkingColumn() database.Column
	AllowAutoLinkingColumn() database.Column
	StylingTypeColumn() database.Column
	PayloadColumn() database.Column
	CreatedAtColumn() database.Column
	UpdatedAtColumn() database.Column
}
// idProviderConditions builds filter conditions for identity provider queries.
// IDCondition and NameCondition return IDPIdentifierCondition because ID and name are
// the two ways to address a single provider (see IDPIdentifierCondition).
type idProviderConditions interface {
	InstanceIDCondition(id string) database.Condition
	// OrgIDCondition takes a pointer; presumably nil selects providers without an
	// organization — confirm with the implementation.
	OrgIDCondition(id *string) database.Condition
	IDCondition(id string) IDPIdentifierCondition
	// StateCondition and TypeCondition take the typed enums although
	// IdentityProvider.State and .Type are strings; the conversion lives in the implementation.
	StateCondition(state IDPState) database.Condition
	NameCondition(name string) IDPIdentifierCondition
	// typee: "type" is a Go keyword, hence the spelling.
	TypeCondition(typee IDPType) database.Condition
	AutoRegisterCondition(allow bool) database.Condition
	AllowCreationCondition(allow bool) database.Condition
	AllowAutoCreationCondition(allow bool) database.Condition
	AllowAutoUpdateCondition(allow bool) database.Condition
	AllowLinkingCondition(allow bool) database.Condition
	// AllowAutoLinkingCondition takes the typed option, while the matching change,
	// idProviderChanges.SetAutoAllowLinking, takes a bool — see the note there.
	AllowAutoLinkingCondition(linkingType IDPAutoLinkingOption) database.Condition
	StylingTypeCondition(style int16) database.Condition
	// PayloadCondition filters on the raw payload string; presumably an exact match — confirm.
	PayloadCondition(payload string) database.Condition
}
// idProviderChanges builds the column updates accepted by IDProviderRepository.Update.
// There is deliberately no setter for the identifying columns (instance, org, ID)
// or for the timestamps.
type idProviderChanges interface {
	SetName(name string) database.Change
	SetState(state IDPState) database.Change
	SetAllowCreation(allow bool) database.Change
	SetAutoRegister(allow bool) database.Change
	SetAllowAutoCreation(allow bool) database.Change
	SetAllowAutoUpdate(allow bool) database.Change
	SetAllowLinking(allow bool) database.Change
	// SetAutoAllowLinking is named differently from AllowAutoLinkingColumn and
	// AllowAutoLinkingCondition and takes a bool, whereas the condition takes an
	// IDPAutoLinkingOption and IdentityProvider.AllowAutoLinking is a string.
	// NOTE(review): confirm which column and value encoding the implementation writes;
	// the name is exported through IDProviderRepository and is kept as is.
	SetAutoAllowLinking(allow bool) database.Change
	SetStylingType(stylingType int16) database.Change
	SetPayload(payload string) database.Change
}
// IDProviderRepository is the storage interface for identity providers.
//
// Every single-row operation takes the identifying condition together with
// instanceID and orgID, so a provider can only be addressed inside its tenant scope;
// callers must pass the instance of the authenticated context, never a value taken
// from the request.
//
// NOTE(review): List takes only free-form conditions. Unlike Get, its signature has
// no mandatory instance scope, so every caller must add InstanceIDCondition itself —
// worth verifying at each call site.
type IDProviderRepository interface {
	idProviderColumns
	idProviderConditions
	idProviderChanges

	// Get returns the provider matched by id within instanceID/orgID.
	Get(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IdentityProvider, error)
	// List returns all providers matching conditions (see the scoping note above).
	List(ctx context.Context, conditions ...database.Condition) ([]*IdentityProvider, error)

	Create(ctx context.Context, idp *IdentityProvider) error
	// Update applies changes to the provider matched by id within the given scope and
	// Delete removes it; the int64 result is presumably the number of affected rows — confirm.
	Update(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string, changes ...database.Change) (int64, error)
	Delete(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (int64, error)

	// The typed getters below return the shared row together with its type-specific
	// settings. They carry decrypted-capable secret fields (crypto.CryptoValue), so
	// their results should not be handed to clients or logs without redaction.
	// GetOAzureAD keeps the "OAzure" spelling of IDPOAzureAD.
	GetOIDC(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPOIDC, error)
	GetJWT(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPJWT, error)

	GetOAuth(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPOAuth, error)

	GetOAzureAD(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPOAzureAD, error)
	GetGoogle(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGoogle, error)
	GetGithub(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGithub, error)
	GetGithubEnterprise(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGithubEnterprise, error)
	GetGitlab(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGitlab, error)
	GetGitlabSelfHosting(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGitlabSelfHosting, error)
	GetLDAP(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPLDAP, error)
	GetApple(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPApple, error)
	GetSAML(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPSAML, error)
}